Malicious PDF — malware analysis report

Static analysis result for SHA-256 3a99d328abc3bf11…

Verdict: MALICIOUS

File type: PDF

Size: 13.0 KB
Created: 2019-04-30 09:18:35 +01:00
Authoring application: mPDF 5.7
MD5: 76f289578766ef40ebf0c8d99de13f35
SHA-1: 46e63e8725cddfa29bcb900deceedeaada72717d
SHA-256: 3a99d328abc3bf118187af22f2240ece7567366e171313cdcb61babd4f32224e
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded URLs, flagged by the PDF_SEO_LINK_FARM heuristic. The URLs point to book titles, suggesting a potential lure or a method to distribute content. Although the URLs themselves are marked as benign, their sheer volume and the nature of the heuristic indicate malicious intent, likely SEO manipulation or redirection of users to potentially harmful sites. No scripts were extracted from this sample.

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.